We tend to think of private enterprises as the most likely targets of hackers. After all, they have massive amounts of sensitive information, intellectual property, and potentially valuable data on hand. But while private enterprise is frequently a target, it’s certainly not the only one.
Since the start of 2018, a number of public institutions and city governments have been specifically targeted. In Atlanta, a ransomware attack
left city employees without access to their personal data. The same attack disabled citizens' ability to pay water bills, access airport Wi-Fi, and contact 311.
The Leominster Public Schools
in Massachusetts faced a similar situation. After ransomware affected two dozen school servers, almost all the computers in the district were disabled. Worse, the attack relied on a new generation of malware capable of targeting file backups, a common defense against ransomware. The district was not only attacked but attacked aggressively.
Why Target the Public Sector?
Attacks on the public sector are increasing, because the economics of cybercrime are evolving. Hackers have learned that personal information is sensitive and potentially valuable, but turning that data into actual money is not easy.
In order to reap more reliable rewards, hackers now choose to disable access to data/applications then demand a ransom to restore access. Since public institutions have a mandate to serve citizens, there is an urgent incentive to pay the ransom rather than fight the cybercriminals. Hackers, like all criminals, go where the money is, and the public sector has both the means and the motivation to pay up.
When Atlanta was targeted, hackers demanded a $50,000 ransom. Then, peculiarly, they rescinded their demand without fixing the problem. The city ultimately spent more than $2.6 million
to fix the issue independently. This situation underscores the fact that hackers have no reservations about disrupting the public and wreaking havoc on the most essential aspects of modern life.
Making Protection a Priority
Another reason hackers are targeting public institutions is that they are low-hanging fruit. Many have outdated or under-funded protections in place, making it especially easy for attacks to succeed. These institutions can’t stop themselves from being targets, but they can stop themselves from becoming victims by:
- Acknowledging the Issue – Cybersecurity must be a priority in public institutions, especially when maintaining public trust is important. Understand that personal data and critical systems have value if stolen or disrupted, but with targeted investment/protections, it’s possible to gain an edge over hackers.
- Tracking and Evaluating Cybersecurity – Most institutions, public and private alike, should determine the effectiveness of their cybersecurity program by not only understanding what’s valuable but what’s most vulnerable. Once identified, protections should be added and monitored.
- Focusing on the Weakest Points – The majority of successful cyberattacks originate in the email inbox. It is the ideal environment to catch people off-guard and bypass existing security measures. For that reason, securing the inbox requires a multi-layered approach, including sender authentication protocols, link/attachment analysis, and filtering and sandboxing capabilities. Securing the inbox specifically leads to greater cybersecurity across an institution.
- Prioritizing Training and Education – Since cybersecurity has not been a major priority in the public sector, many employees lack the necessary training and education. And since most attacks try to manipulate users through social engineering, naive users are a huge liability. A comprehensive approach to cybersecurity must focus on making users an integral part of the defense.
No private sector institution is too small or too remote to be attacked. Everyone needs layers of protection in place. Until that happens, institutions, governments, and the public at large are all at risk. The stability of society literally hangs in the balance.